Azure Virtual Networks

An Azure Virtual Network (VNet) is a fundamental building block for your private network in Azure. It enables many types of Azure resources, such as VMs, to securely communicate with each other, the internet, and on-premises networks.

You can create a VNet through the Azure portal, Azure CLI, PowerShell, or ARM templates. In the portal, navigate to “Create a resource” → “Networking” → “Virtual network” and follow the wizard.

Subnets divide a VNet into smaller address spaces, allowing you to segment resources for security and organization. Each subnet can be associated with Network Security Groups (NSGs) to control inbound and outbound traffic.

Yes. You can connect VNets using VNet peering or VPN gateways. VNet peering provides low-latency, high-bandwidth connectivity, while VPN gateways enable cross-region or on-premises connectivity.

An NSG contains a list of security rules that allow or deny inbound and outbound traffic to resources in a VNet. NSGs can be associated with subnets or individual NICs.

By default, VMs have internet access through a default route (0.0.0.0/0). If you use a custom route table or NSG that blocks outbound traffic, ensure you add an allow rule for the required ports or services.

Private Endpoints provide a private IP address from your VNet for Azure services like Azure Storage, SQL, and others, allowing secure, private connectivity without exposing the service to the internet.

Azure DDoS Protection Basic is enabled automatically for all Azure resources. For enhanced protection, enable Azure DDoS Protection Standard which provides additional mitigation capabilities, monitoring, and alerts.

Pricing details for VNets, peering, and related services can be found on the Azure Virtual Networks pricing page.